67 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-38482
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: / IRQs 2,3,5,6,7, 10,11,15 are valid for...
BIT-LIBPHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...
PDF-XChange Editor 缓冲区错误漏洞
PDF-XChange Editor is a PDF-XChange company running on Microsoft Windows systems in the PDF file viewer software. An information disclosure vulnerability exists in PDF-XChange Editor, which is caused by a lack of proper validation of user-supplied data. An attacker could exploit this vulnerabilit...
CVE-2025-49848
An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of allocated data...
CVE-2000-1237
The POP3 server in FTGate returns an -ERR code after receiving an invalid USER request, which makes it easier for remote attackers to determine valid usernames and conduct brute force password guessing...
CVE-2025-22044 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpinfitctl Syzkaller has reported a warning in tonfitbusuuid: "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMMBUSFAMILYNFIT == 0...
CVE-2025-0285
Various Paragon Software products contain an arbitrary kernel memory mapping vulnerability within biontdrv.sys that is caused by a failure to properly validate the length of user supplied data, which can allow an attacker to perform privilege escalation exploits...
BIT-PHP-MIN-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...
Ashlar Vellum Cobalt 安全漏洞
Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. A security vulnerability exists in Ashlar Vellum Cobalt that stems from a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execute code in the...
PT-2024-16882 · WordPress · Woocommerce Point Of Sale
Name of the Vulnerable Software and Affected Versions: WooCommerce Point of Sale plugin for WordPress versions up to, and including, 6.1.0 Description: The issue is due to insufficient validation on the logged in user id value when option values are empty, allowing attackers to change the email o...
DEBIAN-CVE-2024-53098
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address accessok only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. cherry picked from commit...
Brokerage Wave 安全漏洞
Brokerage Wave is a frontend product from Brokerage, Inc. A security vulnerability exists in Brokerage Wave version 2.0, which stems from an exception mishandling of invalid inputs by an API endpoint, which allows an attacker to generate an error message containing sensitive information about the...
PT-2024-34704 · Wave 2.0 · Wave 2.0
Name of the Vulnerable Software and Affected Versions: Wave 2.0 Description: This issue is caused by improper exception handling for invalid inputs at a certain API endpoint. An authenticated remote attacker could exploit this by providing invalid inputs for the userId parameter in the API reques...
PT-2024-35561
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the drm/xe/ufence component, where the access ok function only checks for address overflow, but not for...
AZL-47835 CVE-2024-42284 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipcudpaddr2str on error tipcudpaddr2str should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipcmediaaddrprintf. Fix this by returni...
MGASA-2024-0262 Updated php packages fix security vulnerability
This update ships the latest version of php 8.2. It brings fixed security issues and the usual bug fixes. Vulnerability: A code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information...
USN-6841-1 php7.4, php8.1, php8.2, php8.3 vulnerability
It was discovered that PHP could early return in the filtervar function resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information...
BIT-PHP-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...
CVE-2024-5458
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...
AZL-42430 CVE-2024-5458 affecting package php for versions less than 8.1.29-1
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...